<?php
/* This file is part of Mirasol CMS
   (C) 2011-2012 by Chris Alban Hansen.
   Released under the terms of the GNU General Public License.
   See COPYING in the top level directory of the Mirasol CMS installation. */

include "{$_SERVER['DOCUMENT_ROOT']}/includes/config.php";
include "{$_SERVER['DOCUMENT_ROOT']}/includes/db.php";
include "{$_SERVER['DOCUMENT_ROOT']}/includes/login.php";

/* Access check: the handler continues only when a user name is present in
   $login (presumably populated by includes/login.php -- confirm). Anyone
   else is sent back to the index page and the script stops here.
   NOTE(review): this is the only gate visible in this file; no anti-CSRF
   token and no per-user permission is checked before the writes below. */
if ("" == $login['username'])
{
  header ("location: ./");
  exit ();
}

/* Database handle for this request; it is released with db_close() just
   before the final redirect. */
$connection = db_open ();

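/* Save an edited template: rebuild its field list as an XML string, then
   apply the posted changes to the template row and to its style, file and
   datasheet relation rows.

   Every request value that reaches an SQL statement is passed through
   mysql_real_escape_string() first; previously the ids, flags and the XSLT
   layout were interpolated raw. Table names come from db_maketablename()
   and are not request data.
   NOTE(review): the escaping assumes request values arrive raw (no
   magic_quotes_gpc, no slash handling in the includes) -- confirm, otherwise
   values would be escaped twice.
   NOTE(review): no anti-CSRF token is verified in this file; confirm whether
   includes/login.php enforces one for state-changing POSTs. */
if (isset ($_POST['tid']))
{
  /* Escaped once and reused by every statement that refers to the template. */
  $tid_s = mysql_real_escape_string ($_POST['tid']);

  $templatename = mysql_real_escape_string (htmlentities (trim ($_POST['templatename']), ENT_COMPAT, "UTF-8", false));
  /* The layout is stored as posted (only trimmed), so it must be escaped
     for the SQL string literal it is placed in. */
  $templatelayout = mysql_real_escape_string (trim ($_POST['templatelayout']));
  $template = "<template>";

  /* Cast so the loop bound is a number.
     NOTE(review): no upper limit is enforced on the posted counts; a very
     large value means that many loop iterations and queries. */
  $fieldcount = (int) $_POST['fieldcount'];
  $n = 1;
  while ($n <= $fieldcount)
    {
      $type = "type$n";
      $name = "name$n";
      $label = "label$n";
      $delfield = "delfield$n";
      if (!isset ($_POST[$delfield]))
        {
          /* Attribute values are XML-escaped so a quote, '<' or '&' in the
             form cannot close the attribute or add markup to the stored
             document. htmlspecialchars() is used rather than htmlentities()
             because XML only predefines the five basic entities.
             NOTE(review): confirm that readers of the fields column decode
             attributes with an XML parser. */
          $type_x = htmlspecialchars (trim ($_POST[$type]), ENT_COMPAT, "UTF-8", false);
          $name_x = htmlspecialchars (trim ($_POST[$name]), ENT_COMPAT, "UTF-8", false);
          $label_x = htmlspecialchars (trim ($_POST[$label]), ENT_COMPAT, "UTF-8", false);
          $template .= "<field type=\"$type_x\" name=\"$name_x\" label=\"$label_x\" />";
        }
      $n++;
    }

  /* $n is now one past the last posted field, so the new field gets the
     next free number. */
  if (isset ($_POST['addfield']))
    $template .= "<field type=\"text\" name=\"field$n\" label=\"Field$n\" />";

  $template .= "</template>";

  /* Now update the template in the database */
  mysql_query ("UPDATE ".db_maketablename ($table_templates)." SET name='$templatename', fields='".mysql_real_escape_string ($template)."', xslt='$templatelayout' WHERE id='$tid_s'");

  /* Add a new style? The identifier is made unique with the current
     timestamp, which is an integer and needs no escaping. */
  $now = time ();
  if (isset ($_POST['addstyle']))
    mysql_query ("INSERT INTO ".db_maketablename ($table_styles_rel)." (style_id, template_id, identifier, linked) VALUES ('0', '$tid_s', 'style_$now', '1')");

  /* Process styles: each posted row is either deleted or updated by its id. */
  $stylecount = (int) $_POST['stylecount'];
  $n = 1;
  while ($n <= $stylecount)
    {
      $name = "style_name$n";
      $identifier = "style_identifier$n";
      $identifier_s = mysql_real_escape_string (trim ($_POST[$identifier]));
      $linked = "style_linked$n";
      $id = "style_id$n";
      $id_s = mysql_real_escape_string ($_POST[$id]);
      $delstyle = "delstyle$n";
      if (isset ($_POST[$delstyle]))
        mysql_query ("DELETE FROM ".db_maketablename ($table_styles_rel)." WHERE id='$id_s'");
      else
        {
          $style_id_s = mysql_real_escape_string ($_POST[$name]);
          $linked_s = mysql_real_escape_string ($_POST[$linked]);
          mysql_query ("UPDATE ".db_maketablename ($table_styles_rel)." SET style_id='$style_id_s', identifier='$identifier_s', linked='$linked_s' WHERE id='$id_s'");
        }
      $n++;
    }

  /* Add a new file? */
  $now = time ();
  if (isset ($_POST['addfile']))
    mysql_query ("INSERT INTO ".db_maketablename ($table_files_rel)." (file_id, template_id, identifier) VALUES ('0', '$tid_s', 'file_$now')");

  /* Process files */
  $filecount = (int) $_POST['filecount'];
  $n = 1;
  while ($n <= $filecount)
    {
      $file_id = "file_id$n";
      $identifier = "file_identifier$n";
      $identifier_s = mysql_real_escape_string (trim ($_POST[$identifier]));
      $id = "filerel_id$n";
      $id_s = mysql_real_escape_string ($_POST[$id]);
      $delfile = "delfile$n";
      if (isset ($_POST[$delfile]))
        mysql_query ("DELETE FROM ".db_maketablename ($table_files_rel)." WHERE id='$id_s'");
      else
        {
          $file_id_s = mysql_real_escape_string ($_POST[$file_id]);
          mysql_query ("UPDATE ".db_maketablename ($table_files_rel)." SET file_id='$file_id_s', identifier='$identifier_s' WHERE id='$id_s'");
        }
      $n++;
    }

  /* Add a new datasheet? */
  $now = time ();
  if (isset ($_POST['adddatasheet']))
    mysql_query ("INSERT INTO ".db_maketablename ($table_datasheets_rel)." (datasheet_id, template_id, identifier, order_asc) VALUES ('0', '$tid_s', 'datasheet_$now', '1')");

  /* Process datasheets */
  $datasheetcount = (int) $_POST['datasheetcount'];
  $n = 1;
  while ($n <= $datasheetcount)
    {
      $datasheet_id = "datasheet_name$n";
      $identifier = "datasheet_identifier$n";
      $identifier_s = mysql_real_escape_string (trim ($_POST[$identifier]));
      $order_field = "datasheet_order_field$n";
      $order_field_s = mysql_real_escape_string (trim ($_POST[$order_field]));
      /* A posted "0" is stored as an empty order field. */
      if ($order_field_s == "0")
        $order_field_s = "";
      $order_asc = "datasheet_order_asc$n";
      $filter = "datasheet_filter$n";
      $filter_s = mysql_real_escape_string (trim ($_POST[$filter]));
      $deldatasheet = "deldatasheet$n";
      $id = "datasheetrel_id$n";
      $id_s = mysql_real_escape_string ($_POST[$id]);
      if (isset ($_POST[$deldatasheet]))
        mysql_query ("DELETE FROM ".db_maketablename ($table_datasheets_rel)." WHERE id='$id_s'");
      else
        {
          $datasheet_id_s = mysql_real_escape_string ($_POST[$datasheet_id]);
          $order_asc_s = mysql_real_escape_string ($_POST[$order_asc]);
          mysql_query ("UPDATE ".db_maketablename ($table_datasheets_rel)." SET datasheet_id='$datasheet_id_s',  identifier='$identifier_s',  order_field='$order_field_s', order_asc='$order_asc_s', filter='$filter_s' WHERE id='$id_s'");
        }
      $n++;
    }
}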

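/* Release the connection and send the browser back to the template editor.
   The posted tid and show values are URL-encoded before they are placed in
   the Location header, so they cannot add extra query parameters or break
   the header line. A missing value becomes an empty string, which is what
   the unencoded interpolation produced as well. */
db_close ($connection);
$redirect_tid = isset ($_POST['tid']) ? urlencode ($_POST['tid']) : "";
$redirect_show = isset ($_POST['show']) ? urlencode ($_POST['show']) : "";
header ("location:$app_adminpath/?p=templates&tid=$redirect_tid&show=$redirect_show");
exit;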
?>
